Editorial Analysis || A good beginning: on draft data protection bill

• Vast amounts of personal data are collected by private companies and state flows across internationally.

• The absence of a data protection Law in India is a concern.

• In many cases, individuals whose data have been used and processed by agencies do not know the purpose for which they are being used.

• The need for a law rose in the landmark K.S Puttaswamy v. Union of India judgment which held the right to privacy as a fundamental right.

• The draft law on data protection by a committee of experts chaired by Justice B.N.Srikrishna to the Ministry of Electronics and Information Technology provides a foundation on which India can build a legal framework.

What are the objectives of the data protection bill?

• It wants to formalize the relationship between individuals and companies or state into

• “data principals”, whose information is collected and

• “data fiduciaries”, those processing the data

• This is similar to a contract that forced the entities with data to ask for the consent of the “principal” for the use of personal information.

• The draft puts the responsibility to seek clear, informed, specific and free consent on the “data fiduciary”.

• In many ways, the draft is similar to the General Data Protection Regulation(GDPR) implemented in the European Union in May to provide “data principals” the rights to confirmation, correction of data, portability and “to be forgotten”.

• It proposes the creation of a regulatory Data Protection Authority of India to protect “principals” and monitor the implementation of the provisions of the data protection law.

Conclusion

• The draft bill and the report is a welcome step forward, but there are some problems like

• The exemptions granted to government institutions from asking consent from principals or processing personal data appear to be too lenient.

• The report recommends a law for parliament and judicial approval for such cases where no consent is asked for use of data.